Growing awareness of the damage caused by security breaches, together with the increasing demand for a more mobile and remote workforce, will keep the worldwide market for security software buoyant, according to Gartner. Worldwide security software revenue is projected to total $10.5 billion in 2008, an 11.2 percent increase from 2007. The market is forecast to surpass $13.1 billion in 2012.

"Organisations are increasingly accepting the need to have a more 'open' connectivity with business third parties," said Ruggero Contu, principal research analyst at Gartner. "Consequently, assessing third-party security and defining how to securely communicate are becoming critical factors for businesses."

Contu said that small and midsize businesses (SMBs), in particular, are increasing their interest in security technology and services and are gradually moving away from stand-alone tools to integrated multifunctional products.

Gartner said that in the short term, prioritising selection of security technologies in the current business environment continues to be the top issue for enterprises, particularly with companies and government agencies facing pressure to demonstrate compliance under various regulatory requirements and to show business value and cost-effectiveness for security measures. Compliance with government regulations, such as the Sarbanes-Oxley Act (SOX), continues to play a significant role in security spending decisions. Investment is often justified because the downside of breaches and failure is so great.

"Security spending is driven by a variety of pressing concerns, the most immediate of which is the need to 'keep the bad guys out' through defensive measures, such as next-generation firewalls," said Contu. "However, the 'let the good guys in' discipline, such as identity and access management, is where business benefits and return on investment can be more clearly shown."
There are also some short-term barriers to market growth, such as the economic instability that is expected to weigh down IT budgets, particularly for the purchase of new software licenses. High levels of merger-and-acquisition activity can also inhibit new purchases because end users are wary of investing in new tools whose support could end following a merger or acquisition. Furthermore, competitive pressure is influencing the market, particularly certain segments, such as antivirus and e-mail security. The coming to market of large players, such as Microsoft and Google, will push prices down, affecting overall revenue growth in the next few years.

In the longer term, Gartner maintains that the need to have security tools in place to protect against malicious attacks and unintentional security incidents, such as leakage of sensitive corporate information, will remain. Security risks will evolve alongside the changes brought by new IT environments and new working practices, such as the use of mobile and remote workplaces. Increased regulations dealing with reliability — such as SOX and the Health Insurance Portability and Accountability Act — will continue to drive additional IT spending across the board, including information security.

However, the market is being affected by a change in product delivery, which will impact pricing. End users are increasingly interested in security-as-a-service options, particularly in certain segments. "Organisations are looking to optimise their IT infrastructure and trying to minimise the complexity of their product portfolios," said Contu. "In the long run, we expect to see more-converged security products, with increased pricing pressure on vendors."